My question is based on a true story: due to a lack of communication, an instrument network got the same domain name as the office LAN, and both were connected through a hardware firewall with a minimum of allowed ports. Both networks used Windows Server 2003 R2 (Std.), and each had its own active domain controller. Moreover, the office LAN had two redundant domain controllers. All seemed well, but one day later the office LAN suffered a fatal crash. The service expert from Microsoft found that on both the active LAN domain controller and the local redundant LAN domain controller, elementary files (DNS, ...) as well as the event logs had been deleted and were lost.
The MS expert said this damage was caused either by a virus or by a domain controller conflict. As for the virus theory: we had caught Conficker.B in our LAN, but after switching to Kaspersky Antivirus it could be controlled (although viruses are still in our LAN and Kaspersky alerts several times every day). As for the active domain controller conflict: it seems strange to me that the LAN controllers survived nearly one day, that even the log files got deleted, and that the problem spread to both the active and the redundant LAN domain controller. Moreover, I do not believe that Microsoft would allow such an easy vulnerability (an attacker just plugs a laptop with an active domain controller setup and the same domain name into the LAN and heavily damages the original active domain controller).
I am no IT expert, but maybe someone can tell me whether the observed heavy damage is usual in the case of two active domain controllers in the same network, or what else would happen in such a case?